Web applications are typically written in a combination of several programming languages (e.g., JavaScript on the client side, and PHP with embedded SQL commands on the server side), and generate structured output in the form of dynamically generated HTML pages that may refer to additional scripts to be executed. Since the application is built using a complex mixture of different languages, programmers may inadvertently make mistakes and introduce faults in the applications, resulting in web application crashes and malformed dynamically-generated HTML pages that can seriously impact usability.
Moreover, it is difficult to find errors and faults, especially errors and faults that lead to security vulnerabilities in a client-server environment. One reason for this difficulty is that a server application may dynamically generate HTML, JavaScript and other client code that violates information flow.